Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Medtronicdiabetes
  • 523 Paradigm Revel Firmware
  • 723 Paradigm Revel Firmware
  • 722 Paradigm Real-time Firmware
  • 508 Minimed Insulin Pump
  • 722 Paradigm Real-time
  • 522 Paradigm Real-time Firmware
  • 523k Paradigm Revel
  • 723k Paradigm Revel
  • 551 Minimed 530g
  • 751 Minimed 530g Firmware
  • 723 Paradigm Revel
  • 508 Minimed Insulin Pump Firmware
  • 523 Paradigm Revel
  • 751 Minimed 530g
  • 551 Minimed 530g Firmware
  • 523k Paradigm Revel Firmware
  • 723k Paradigm Revel Firmware
  • 522 Paradigm Real-time

Configuration 1 [-]

AND
cpe:2.3:o:medtronicdiabetes:508_minimed_insulin_pump_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:508_minimed_insulin_pump:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:medtronicdiabetes:522_paradigm_real-time_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:522_paradigm_real-time:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:medtronicdiabetes:722_paradigm_real-time_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:722_paradigm_real-time:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:medtronicdiabetes:523_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:523_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:medtronicdiabetes:723_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:723_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:medtronicdiabetes:523k_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:523k_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:medtronicdiabetes:723k_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:723k_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:medtronicdiabetes:551_minimed_530g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:551_minimed_530g:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:medtronicdiabetes:751_minimed_530g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:751_minimed_530g:-:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/105044 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 Third Party Advisory US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2018-08-08T00:00:00

Updated: 2018-08-14T14:57:01

Reserved: 2018-08-01T00:00:00

Link: CVE-2018-14781

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2018-08-13T21:48:01.227

Modified: 2019-10-09T23:35:11.500

Link: CVE-2018-14781

JSON object: View

cve-icon Redhat Information

No data.

CWE